Kappa Ransomware

Posted by Sarah Stewart on August 31, 2017

What is Kappa Ransomware?

A new ransomware infection has been discovered by our research team, and it goes by the name Kappa Ransomware. By the time you are reading this, the malicious ransomware might have been unleashed already, and your personal files might have been encrypted, but at the time of our research, this threat was still in development stages. The sample that our Anti-Spyware-101.com malware researchers have tested had a fully functional encryption and decryption algorithm, and it could connect to a remote server to transfer certain information. It was found that the threat could record technical details about the infected computer, and some of it could be used to create the so-called Client ID. It was found that this ID is a combination of the MAC Address and the Processor ID, as well as the Hard Drive serial number. This ID is sent to a remote server (http://185.106.120.162/key/key.php?hwid=) along with the encryption key that is used for the corruption of files. Also, you are introduced to this ID via a window that the infection launches right after the encryption is complete. Unfortunately, your files will remain encrypted if you delete Kappa Ransomware, but, of course, removing this threat is crucial.testtesttest

How does Kappa Ransomware work?

There are plenty of infections similar to Kappa Ransomware, some of which include VideoBelle Ransomware, Cezar Ransomware, Defray Ransomware, and Error Ransomware. Some of them are fully functional, while others are still being developed. All of them are developed by cyber criminals who want to make a profit using illegal practices. First of all, they have to infiltrate malware, and that, of course, is done illegally as well. Some users might invite malware like this in by opening misleading files attached to spam emails. In other cases, vulnerable remote access backdoors could be exploited to let in malware without the user’s knowledge. In any case, the creator of the ransomware banks on the ability to keep malware hidden so that the encryption could be initiated successfully. To encrypt files, Kappa Ransomware employs the AES encryption algorithm, which is encrypted using the RSA encryption for additional protection. It is not hard to spot the compromised files because they should be given the “.OXR” extension. Just like most infections of this kind, the ransomware encrypts files so that you would take the demands seriously. These demands are showcased via a window that is launched after encryption, and two TXT files that might be placed along with all encrypted files.

The ransom note files Kappa Ransomware creates are called “1 What happens with my files.txt” and “1 How to buy Bitcoin.txt”. The first one displays the exact same message that we see in the window note. According to it, photos, documents, archives, and important files are encrypted, and you can recover them only if you pay a ransom in Bitcoins. The second file instructs to create a Bitcoin Wallet so that you could make the transaction. Unfortunately, we do not know the Bitcoin Address to which the ransom should be paid, or the email to which you should send your Client ID if you paid the ransom. This information is simply not available yet. All in all, paying the ransom is not something we can support because if the creator of Kappa Ransomware works just like all other ransomware creators, a decryption key you need will not be given to you in return. You can delete the ransomware and the TXT file it creates, remove the unique extension, install free file decryptors, and do other things, but your files are unlikely to be recovered unless they are backed up externally (e.g., on an external drive).

How to delete Kappa Ransomware

You might be confused about what you should do to get your personal files decrypted, especially considering that you do not have many options; however, you cannot be confused about the removal of Kappa Ransomware. This infection MUST be eliminated from your operating system as soon as possible, and if you do not know how to do it yourself, employing reliable anti-malware software might be the way for you. You should have no reservations about using this software because it can be extremely helpful in the future. If you keep it installed, you significantly minimize the possibility for other threats to invade your operating system in the future. If you want to take care of your virtual security at a later time, you might find the guide below useful. Note that the main file could have been placed anywhere.

Removal Guide

  1. Right-click the launcher of the ransomware (it has a random name).
  2. Select Delete to get rid of this file (if you cannot eliminate it, you might have to terminate a malicious process via Task Manager (to open, tap Ctrl+Shift+Esc) first).
  3. Delete the TXT files representing the ransom: 1 What happens with my files.txt and 1 How to buy Bitcoin.txt.
  4. Right-click the recycle bin and choose Empty Recycle Bin.
  5. Install a trustworthy malware scanner to inspect your operating system for leftovers. 100% FREE spyware scan and
    tested removal of Kappa Ransomware*

Stop these Kappa Ransomware Processes:

Kappa Ransomware.exe
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *